Symantec announced yesterday in a new blog article that they used a weakness in the ZeroAccess botnet to liberate over half a million computers. Exploiting this weakness allowed Symantec to drop these infected computers from the botnet so that they no longer received and ran commands issued by the ZeroAccess developers.

Back in March, Symantec began analyzing a weakness in ZeroAccess that would allow them to sinkhole infected computers and remove them from the botnet. ZeroAccess communicates with its infected computers through a peer-to-peer command and control system. When ZeroAccess-infected computers are sinkholed, they are cut off from this command and control system so that they can no longer receive and execute commands. Though these computers are still infected, they will no longer run further services for the malware developer, such as Bitcoin mining, which consumes large amounts of CPU power and electricity.

On June 29th, Symantec discovered that a new update was being pushed out for ZeroAccess that would potentially patch this known weakness. With this knowledge, Symantec acted quickly, before they lost their chance, and were able to sinkhole over half a million computers. This operation has had a serious impact on the ZeroAccess organization and is estimated to have cut their revenue significantly.